Slashdot Mirror

← Back to Stories (view on slashdot.org)

Have Your iPhone 6 Repaired, Only To Get It Bricked By Apple (theguardian.com)

Posted by timothy on from the cheap-is-expensive-don'tcha-know? dept.

New submitter Nemosoft Unv. writes: In case you had a problem with the fingerprint sensor or some other small defect on your iPhone 6 and had it repaired by a non-official (read: cheaper) shop, you may be in for a nasty surprise: error 53. What happens is that during an OS update or re-install the software checks the internal hardware and if it detects a non-Apple component, it will display an error 53 and brick your phone. Any photos or other data held on the handset is lost – and irretrievable. Thousands of people have flocked to forums to express their dismay at this. What's more insiduous is that the error may only appear weeks or months after the repair. Incredibly, Apple says this cannot be fixed by any hard- or software update, while it is clearly their software that causes the problem in the first place. And then you thought FTDI was being nasty ...

31 of 410 comments (clear)

  1. Solution! by Anonymous Coward · · Score: 5, Insightful

    Sell your bricked piece of shit and buy an Android phone, which does not have this problem.

    Solved.

    1. Re:Solution! by Anonymous Coward · · Score: 1, Insightful

      You mean "cancel your mobile phone service entirely"

      Android's have far worse privacy and security problems, I would never let one of those things on my network.

      That said, this is obviously designed to prevent stolen phones from being "fixed" and resold. It seems a little bit heavyhanded but might simply be a case of iOS uploading firmware to a part and because the replacement part is not the right part it bricks that part, thus bricking the entire device.

    2. Re:Solution! by oh_my_080980980 · · Score: 5, Insightful

      RTFA ass-hole:

      “I was in the Balkans covering the refugee crisis in September when I dropped my phone. Because I desperately needed it for work I got it fixed at a local shop, as there are no Apple stores in Macedonia. They repaired the screen and home button, and it worked perfectly.”

    3. Re:Solution! by Penguinisto · · Score: 2, Insightful

      Dude in the Balkans could have his phone repaired at an Apple shop when he got home, right?

      Not trying to be a dick or anything, but honestly - using a gray-market security-related part *should* get that result. If my device is stolen, I'd want that to happen - if only to prevent some schmuck from plugging in something with hacked firmware to bypass the fingerprint sensor.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
    4. Re:Solution! by Anonymous Coward · · Score: 3, Insightful

      a phone that wont boot when a different fingerprint device is installed is working properly

    5. Re:Solution! by Anonymous Coward · · Score: 5, Insightful

      This should have failed gracefully. The phone should have de-functioned the fingerprint scanner to just a home button, and asked for a PIN/password, which all iPhones pre-5S have been able to do without issue. Forcing the device to an inoperative state because one component was replaced is not ethical, nor needed.

    6. Re:Solution! by Anonymous Coward · · Score: 0, Insightful

      Because guy BROKE his own phone, then repaired it with NON STANDARD parts that do NOT work with the encryption module.

      It's like getting a master-lock rekeyed in a back alley deal and then complaining to master-lockwhen the non-standard tumblers some back alley guy in the Balkans shoved in there don't work.

      This story is more about a guy doing stupid ass shite even though he knew there was a better way, he thought he'd "risk it" and try a work around.

    7. Re: Solution! by TheReaperD · · Score: 2, Insightful

      When I worked at Apple, I was astonished at what they charged for parts, a motherboard that I could have gotten an equivalent (but, not compatible) board brand new from ASUS for around $60-90 Apple was charging $695 for a refurbished board! Apple was charging a $600 premium for the part because they knew you couldn't get it anywhere else. Fuck you Steve Jobs!

      --
      "Be particularly skeptical when presented with evidence confirming what you already believe." -
    8. Re: Solution! by NicBenjamin · · Score: 2, Insightful

      Have you ever worked outside the desktop computer industry? Like, at all? Computer parts tend to be incredibly cheap because the Chinese are competing with the Koreans to make an extremely standard part for as little money as physically possible.

      Everywhere else this is not the case. Either you have to pay for your own manufacturing plant to get the correct part, or you have to cannibalize it from something that used that exact part. The manufacturer will always charge you the "I just spent $500 million setting up a plant in Sichuan" price even if they are cannibalizing.

      Cars, laptops, cell phones all work that way. The parts are worth much more then the entire product, particularly at the manufacturer's price. OTOH, it's almost always possible to make the same desktop Dell is selling for less then Dell is charging by using commodity desktop parts.

  2. Maybe a good thing by Anonymous Coward · · Score: 3, Insightful

    Probably to prevent hardware attacks on phone encryption

    1. Re:Maybe a good thing by Anonymous Coward · · Score: 4, Insightful

      I did some reading, and it appears to be the fingerprint sensor. The sensor itself has an encrypted channel to the mainboard. If the cable is damaged or the sensor is replaced/not working, it doesn't sync up properly.

      So it makes sense to refuse to work with a different sensor. Else, someone could unlock your phone by simply bypassing the sensor.

      OTOH, this appears to still happen if the phone itself is reset to a factory image. It doesn't seem to be that much of a security risk if instead of refusing to work, the phone, after being reset, would renegotiate encryption with the sensor. There's no data to be stolen in that scenario. And there's other mechanisms to prevent a stolen phone from having resale value.

    2. Re:Maybe a good thing by Anonymous Coward · · Score: 5, Insightful

      So just disable the fingerprint part of the button, no need to brick a device.

    3. Re:Maybe a good thing by AmiMoJo · · Score: 5, Insightful

      Makes no sense. The flash memory is encrypted and the key is stored in a secure area of the CPU. The CPU is hardened so that you can't exact the key with an electron microscope or by de-capping it. It might be possible to get that key, but only with specialist equipment and unpublished vulnerabilities.

      Replacing the fingerprint sensor won't get you anywhere. To unlock the phone after boot you need the passcode. Okay, say you keep it powered up while replacing the sensor. So what, you still need to send the phone the fingerprint data that matches the owner's finger, so it got you nothing.

      We I were being generous I'd suggest that Apple just screwed up and made the list of "panic, erase key!" events a bit too long. More likely they just want to discourage people from getting third party repairs, because they know you have money and they want it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Maybe a good thing by cyn1c77 · · Score: 4, Insightful

      OTOH, this appears to still happen if the phone itself is reset to a factory image. It doesn't seem to be that much of a security risk if instead of refusing to work, the phone, after being reset, would renegotiate encryption with the sensor. There's no data to be stolen in that scenario. And there's other mechanisms to prevent a stolen phone from having resale value.

      It's still a security risk. You could imaging intercepting new iPhones, replacing the fingerprint sensor with a compromised one containing a backdoor, then reimaging the phones, putting them back in the box, and selling them to your target. After your target loads their sensitive data on to them, you could then retrieve it using the compromised sensor.

      I agree this is somewhat contrived and Apple is likely just looking to block third party repairs, but it still is a valid security risk.

    5. Re:Maybe a good thing by The+Rizz · · Score: 5, Insightful

      I did some reading, and it appears to be the fingerprint sensor. The sensor itself has an encrypted channel to the mainboard. If the cable is damaged or the sensor is replaced/not working, it doesn't sync up properly.

      So it makes sense to refuse to work with a different sensor. Else, someone could unlock your phone by simply bypassing the sensor.

      No. Refusing all access to your device because one small component is damaged does not make sense. Not using that component to do the unlock - and making you use the non-fingerprint method - is what would make sense.

    6. Re:Maybe a good thing by dkman · · Score: 3, Insightful

      Seems to me that of the phone doesn't like the sensor instead of bricking itself it should disable the sensor and move on, so you can type in your passcode and use the phone. I know that so 2007, but it's better than having a fancy paperweight.

      --
      I refuse to sign
    7. Re:Maybe a good thing by Anonymous Coward · · Score: 2, Insightful

      1. Steal phone.
      2. Replace the fingerprint sensor with one that stores the fingerprint data.
      3. Return phone.
      4. Wait for user to swipe.
      5. Steal phone again.

    8. Re:Maybe a good thing by david_thornley · · Score: 2, Insightful

      Good security sometimes makes no sense to the casual observer. Security is hard to do right and easy to screw up. I'd want to find out why the feature is there in detail and from a security person who knows what he or she is talking about before jumping to conclusions.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    9. Re: Maybe a good thing by Anonymous Coward · · Score: 1, Insightful

      You are a moron seriously. You signed away your rights when you bought the phone, you agreed to this. It's a security feature and frankly I'm fine with it. If android did this everyone would be giving them high praise. See Google cares about security. Give me a break. Apple implements a security feature to protect users and people still fucking complain.

      You can still replace other parts of the phone. Since the fingerprint scanner is tied to the motherboard, that's the piece you can't replace. I see nothing wrong with this.

  3. Getting away with it? by Z00L00K · · Score: 5, Insightful

    If Apple gets away with this we may see more vendors doing the same thing to the stuff we own.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    1. Re:Getting away with it? by gstoddart · · Score: 5, Insightful

      You don't own it, and you know you don't own it. You merely paid money for the right to use the hardware under the terms of their license.

      Your ownership of these things ended some years ago as far as they're concerned.

      This is no different from Microsoft deciding it's their computer, and they'll do whatever the fuck they want with it.

      Consumers have more or less had the concept of ownership yanked out from underneath them, and had it replaced with a licensing agreement which the company can change at will.

      --
      Lost at C:>. Found at C.
    2. Re:Getting away with it? by Jason+Levine · · Score: 4, Insightful

      Can't find the right moderation. Where's "+1 Shaking My Head Sadly At The State Of The Tech World"?

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  4. Damned if you do, damned if you don't by Anonymous Coward · · Score: 4, Insightful

    It sounds like Apple fixed a security bug in an SU, closing a hole which allowed attackers to replace the touch ID sensor to gain access to user data. Had Apple not made this move, we'd instead be seeing an article about how Apple products are insecure and the NSA could get access to your secure date just by replacing some hardware components. Then everyone would be up in arms, demanding this exact software change, and complaining about how Apple is reactionary and not proactive in fixing security issues.

    Of course, "Apple fixes vulnerabilities in iOS 9" is not really a catchy flambait title for an article.

    1. Re:Damned if you do, damned if you don't by Anonymous Coward · · Score: 5, Insightful

      Or instead of Error 53 they could just disable Touch ID and require you to enter you PIN code.

      Which would make sense since you need the PIN to enable Touch ID in the first place, as it's automatically turned off when the phone first starts and if the phone isn't unlocked for over 48 hours.

      No, this is solely to brick the phone if you dare not pay for overpriced Apple repairs.

    2. Re:Damned if you do, damned if you don't by Austerity+Empowers · · Score: 4, Insightful

      You could replace the fingerprint sensor with something that could provide arbitrary fingerprints, possibly based on a collection you have made of them. Then use your collection to buy stuff. Requires no memory in the sensor at all. This is much faster than creating molds of fingerprints and applying them to the sensor. I can see Apple not wanting to tolerate replacing things tied in to your CC #.

      Replacing a battery seems less defensible to me, if that aspect is true. It's hard to argue this is tied in to any trust chain.

    3. Re:Damned if you do, damned if you don't by leathered · · Score: 1, Insightful

      The idea that an attacker would somehow get hold of your phone, take it to pieces, change the sensor and replace it where you left it without you noticing is fanciful to say the least. It would be much easier to get hold of your real fingerprint, of which you leave a copy in thousands of different places every day, and use that to access your device.

      --
      For all intensive porpoises your a bunch of rediculous loosers
  5. Magnuson Moss Warranty Act? by apenzott · · Score: 4, Insightful
    I would like to see how this squares with the Magnuson Moss Warranty Act.

    The provisions for the FTC and the resultant class action provisions could get expensive.

    --
    The Roman Rule: The one who says it cannot be done shall not interrupt the one who is doing it.
  6. Um.... duh? by ilsaloving · · Score: 4, Insightful

    Apple has made it abundantly clear that they are selling a *secure* device. Always on encryption, etc etc.

    How would you expect such a device to behave when it is compromised with unauthorized components? A phone with 3rd party components could do pretty much *anything*, including sending everything on the device to an unknown third party, without your knowledge or consent.

    Heck, this sort of "problem" just makes me appreciate Apple's commitment to security even more.

    My only complaint is that the phone doesn't brick soon enough. It should brick itself immediately upon the next boot up.

  7. Re:Context On the Issue by Kohath · · Score: 2, Insightful

    Fiendish villainy! How should we punish these monsters!!!? Won't someone think of the children!!!??

    Also, I have this 14-step procedure that they should have thought of in advance to avoid this problem....of enabling 3rd party "repairs". Because why wouldn't a company want to spend a huge amount of time to enable their competitors? Because they're monsters. That's the only explanation.

    And they're even more villainous for "lying" to everyone. They said only good things about their products. Why didn't they pay for TV advertisements to tell us all the potential bad things that could happen? Because they hate you and your mom and want her phone to fail when rapists are breaking into her house. No way could there be anything else going on.

    The class action lawsuit starts now! No one should ever be allowed to make a secure product like this. Or to say good things about it without imagining and communicating all the possible bad things. Or to ever have one of their products fail in any way, regardless of who opens it up and tinkers with the parts inside.

    The internet has spoken.

  8. Re:Context On the Issue by Maritz · · Score: 3, Insightful

    When iOS detects that the pairing fails, touch ID, including Apple Pay, is disabled so the device remains secure.

    Which is achieved by making the phone completely inoperable? Sounds like overkill, especially if the touch ID itself is configured by first entering the PIN. Sounds like it would be perfectly reasonable for it to fall back to PIN, unless of course the goal is to generate a new sale by bricking the phone.

    --
    I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  9. Microsoft will generally not brick your computer. by tlambert · · Score: 1, Insightful

    That's not bricking. Bricking would be MS rendering components in the computer or the entire computer unusable.

    Microsoft will generally not brick your computer.

    They may decide, however, that if you have replaced sufficient components of the computer, that it is not the same computer for which the OS has been licensed, and refuse you the right to run the OS. You're still free, however, to either put some of the old components back so that that's no longer the case, or boot Linux on the thing instead.

    In the case of the OP, technically, they've replaced enough components that Apple has decided that it's not the machine for which iOS was licensed to run, which is very similar in scope.